Commit 5db96f87 authored by Dan Williams's avatar Dan Williams

Allows mgr caps to be added to keys.

Allows setting optional mgr caps on the cephx keys.
The mgr caps are required to query the ceph-mgr daemon.

Change-Id: I1c4d010b55611377573e4b928ee9527441050d51
Closes-Bug: #1720864
parent cb20c32c
......@@ -47,6 +47,10 @@
# Optional. e.g. 'allow *'
# Defaults to 'undef'.
#
# [*cap_mgr*] cephx capabilities for MGR access.
# Optional. e.g. 'allow *'
# Defaults to 'undef'.
#
# [*user*] Owner of the *keyring_path* file.
# Optional. Defaults to 'root'.
#
......@@ -77,6 +81,7 @@ define ceph::key (
$cap_mon = undef,
$cap_osd = undef,
$cap_mds = undef,
$cap_mgr = undef,
$user = 'root',
$group = 'root',
$mode = '0600',
......@@ -107,8 +112,13 @@ define ceph::key (
} else {
$mds_caps = ''
}
if $cap_mgr {
$mgr_caps = "--cap mgr '${cap_mgr}' "
} else {
$mgr_caps = ''
}
$caps = "${mon_caps}${osd_caps}${mds_caps}"
$caps = "${mon_caps}${osd_caps}${mds_caps}${mgr_caps}"
# this allows multiple defines for the same 'keyring file',
# which is supported by ceph-authtool
......
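Review bot: `$cap_mgr` is placed into the shell command inside single quotes at `$mgr_caps = "--cap mgr '${cap_mgr}' "` with no validation, so a value containing `'` closes the quote and the rest is interpreted by the shell that runs ceph-authtool. The mds branch visible just above suggests this follows the existing pattern for the other caps, so it is inherited rather than new; the define continues outside the hunk, and I cannot see whether the parameters are validated earlier. A guard such as `if $cap_mgr =~ /'/ { fail('cap_mgr must not contain single quotes') }` would leave the command string and the spec expectation unchanged, and `shell_escape()` from puppetlabs-stdlib is an alternative if that module is already a dependency. Separately, the parameter doc gives `'allow *'` as its only example; since the commit message says the cap is needed to query ceph-mgr, an example such as `'allow r'` would steer users towards least privilege.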
---
fixes:
- Bug 1720864 Allow setting optional manager capabilities on keys.
......@@ -38,13 +38,14 @@ describe 'ceph::key' do
:group => 'nogroup',
:cap_mon => 'allow *',
:cap_osd => 'allow rw',
:cap_mgr => 'allow *',
:inject => true,
}
end
it {
is_expected.to contain_exec('ceph-key-client.admin').with(
'command' => "/bin/true # comment to satisfy puppet syntax requirements\nset -ex\nceph-authtool /etc/ceph/ceph.client.admin.keyring --name 'client.admin' --add-key 'supersecret' --cap mon 'allow *' --cap osd 'allow rw' "
'command' => "/bin/true # comment to satisfy puppet syntax requirements\nset -ex\nceph-authtool /etc/ceph/ceph.client.admin.keyring --name 'client.admin' --add-key 'supersecret' --cap mon 'allow *' --cap osd 'allow rw' --cap mgr 'allow *' "
)
is_expected.to contain_file('/etc/ceph/ceph.client.admin.keyring').with(
'owner' => 'nobody',
......